A hack history. How to have an iptables with a Pix interface.

1. Infosecurity07

2. Free LIX : semplicità e controllo Infosecurity07

3. Introduzione Infosecurity07

4. Infosecurity07

5. Infosecurity07

6. Infosecurity07 IBM SecureWay Firewall ipChains ipTables Cisco PIX

8. Progetto Infosecurity07

9. Infosecurity07

10. Infosecurity07 Free LIX Information eXchanger

12. Infosecurity07 OS plugin memory MCS CCS store backup configuration cmd CES CLI.0 CEI.0 cmd NAP

19. Prototipo Infosecurity07 free LIX

20. Infosecurity07 componenti base: via EPIA CL10000 CF 64MB adattatore CF/IDE 256RAM raiser card PCI --------------------------------- possibili estensioni: quad ethernet pci 10/100/1000 ethernet pci scheda ADSL pci scheda ISDN pci

24. Infosecurity07 liscoZero(config)# sh running-config /tmp/mcs.dump.2000145 : :MCS init : :LisCO process 0:3091 (ces) (null) start 1167569374 1:2000 (mcs) (null) start 1167569364 2:7251 (cli) (null) start 1168030504 refer to 7250 3:7250 (cei) - start 1168030504 refer to 7251 : :enable password 4:enable password LLrT4kLLWpgMs encrypted : :interface 5:interface ethernet0 10half 6:interface ethernet1 10half : :nameif 7:nameif ethernet0 outside security0 8:nameif ethernet1 inside security100 : :ip address 9:ip address outside 10.0.0.35 255.255.255.0 10:ip address inside 10.0.1.100 255.255.255.0 : :route 11:route outside 0.0.0.0 0.0.0.0 10.0.0.33 : :access-list : :outside_access_in 12:access-list outside_access_in permit tcp any host 10.0.1.129 eq 22 : :inside_access_in 13:access-list inside_access_in permit ip 10.0.1.0 255.255.255.0 any : :access-group 14:access-group outside_access_in in interface outside 15:access-group inside_access_in in interface inside : :static 16:static ( inside,outside ) tcp 10.0.0.36 22 10.0.1.129 22 : :lix br 17:lix switch br0 3 10.10.10.200 255.255.255.0 40 : :lix vhost 18:lix vhost V0 vid vlisco0 memory 32 switch br0 0 vscsi vroot veth 10.10.10.1 : :lix start 19:lix start

25. Infosecurity07 versione a 6 porte 10/100 con HA e bilanciatore versione a 2 porte 10/100 e DMZ virtuale

26. Dettagli Infosecurity07

27. Infosecurity07 16:static ( inside,outside ) tcp 10.0.0.36 22 10.0.1.129 22 LIX plugin-module ver. 1.0.0 20060307.2236 OOoo-----------------------------------------------------ooOO ../plugin/static.set inside,outside tcp 10.0.0.36 22 10.0.1.129 22 /tmp/mcs.dump.2000439 iptables -t nat -I PREROUTING -i inside -d 10.0.0.36 -p tcp --dport 22 -j DNAT --to-destination 10.0.1.129:22 Chain PREROUTING (policy ACCEPT 16 packets, 920 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- outside any anywhere 10.0.0.36 tcp dpt:22 to:10.0.1.129:22 oo----- New VIP list generation -----------------------oo Found [10.0.0.35 10.0.0.37 ] VIP defined in [outside] interface Adding alias [10.0.0.36 24] on dev [outside] oo----- New VIP list generation for VRRP --------------oo -rw-r--r-- 1 root root 25 Dec 31 12:49 /LisCO/tmp/VRRP-outside-10.0.0.36.vip -rw-r--r-- 1 root root 25 Dec 31 12:49 /LisCO/tmp/VRRP-outside.vip oo----- Add permit INPUT chain -----------------------oo Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- outside any anywhere 10.0.0.36 tcp dpt:22 0 0 ACCEPT all -- any any anywhere 224.0.0.0/24 0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED 1 60 ACCEPT icmp -- any any anywhere anywhere icmp echo-request 0 0 LOG all -- any any anywhere anywhere LOG level info prefix `[I]' OOoo-----------------------------------------------------ooOO 9: outside: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue link/ether 00:40:63:d4:26:70 brd ff:ff:ff:ff:ff:ff inet 10.0.0.35/24 brd 10.0.0.255 scope global outside inet 10.0.0.36/24 scope global secondary outside

28. Infosecurity07 65:failover lan enable LIX plugin-module ver. 1.0.0 20060307.2236 OOoo-----------------------------------------------------ooOO ../plugin/failover.active /tmp/mcs.dump.2012282 oo--- Loading VRRP*.vrrp macro ------------------------oo Loading /LisCO/tmp/VRRPAUTH.vrrp Loading /LisCO/tmp/VRRPIF.vrrp Loading /LisCO/tmp/VRRPPOLL.vrrp Loading /LisCO/tmp/VRRPSTATE.vrrp lrwxrwxrwx 1 root root 28 Jun 9 2005 /etc/keepalived.conf -> ../LisCO/etc/keepalived.conf

29. Infosecurity07 18:lix vhost V0 vid vlisco0 memory 32 switch br0 0 vscsi vroot veth 10.10.10.1 -bash-2.05b# cat V0 #!/bin/bash cd /virtual/ /LisCO/vDMZ/linuxumlid= vlisco0 con=nullcon0=fd:0devfs=nomountmem= 32M eth0=tuntap, br0-p0 ,FF:DD:00:00:00:0,ubd0=./ vroot CONFMODEUMLID=vlisco0NET.IPADDR= 10.10.10.1 NET.NETMASK=255.255.255.0NET.NETWORK=10.10.10.0NET.BROADCAST=10.255.255.255NET.DEV=eth0NET.GW=10.10.10.200 -bash-2.05b# ls -l drwx------ 2 root root 16384 Aug 17 2005 lost+found -rwxr-xr-x 1 root root 5886116 Aug 21 2005 vmlinux-2.6.11.rc4-um-22052005 -rw-r--r-- 1 root root 67108864 Jan 6 01:10 vroot